Vendor Risk Management Blog

Why the Right Risk Management Software Is So Important

Posted by Jason James


A recent data breach highlights the importance of vendor risk management. A Utah-based essential oil company sent a letter to customers informing them that their personal information, including Social Security numbers, payment card info, dates of birth, usernames, and passwords—the whole shebang of consumer data that could be stolen—was compromised because of a third party. The disturbing part of the incident, at least for risk professionals, is that the vendor was contracted for software and data hosting. Yes, a vendor relied upon to protect data apparently didn’t do such a great job …

Tags: risk management software, vendor risk

Risk Scoring’s Role with Vendor Compliance Solutions

Posted by Jason James


Another day of news, another whopper of a data breach makes headlines. This recent incident is a report that 272.3 million usernames and passwords for email accounts were stolen and are being traded in the Russian criminal underworld. Although the majority of the hacked records were from a Russian email service, other services, including Google, Yahoo, and Microsoft, were affected. As the article states, the info is valuable because cybercriminals know many end-users keep the same password for many accounts. The bad guys simply need to find a similar username on a different service, type in the common password, and voila, they are in …

Tags: vendor compliance, risk scoring

Risk Management Partners: 4 Red Flags to Look For

Posted by Jason James


Third-party risk is on the rise—at least that’s what business executives believe. And they may be right.

According to new research by the Ponemon Institute, 70 percent of the 617 executives interviewed believe that vendor risk is significantly increasing within their respective organizations. More alarmingly, only 18 percent said their companies are assessing third parties for cyber risk.

Tags: third-party risk, risk management

How Risk Assessment Software Brings Peace of Mind to Risk Managers

Posted by Jason James


Verizon’s latest Data Breach Investigations Report is out, and as in past years, it contains enough bad news to keep risk professionals and IT departments up at night. Here’s one finding that might cause nightmares if you somehow overcome any risk-induced insomnia: 63 percent of data breaches were achieved via legitimate user credentials. In other words, in nearly two-thirds of incidents, hackers didn’t employ some advanced technological attack to access systems, but rather, used weak, stolen, or in-place (saved) passwords to intrude.

Tags: risk assessment software, risk managers

Vendor Screening: What It Will Look Like in 2020

Posted by Jason James


Think about how much third-party risk management has changed over the past 25 years. The methods used for vendor screening have evolved—remember, the spreadsheet-based assessment was once considered a bold, and helpful, step. And risk itself has changed; the average person in 1991 would never have guessed a portable phone would be the primary way people access the Internet in 2016, much less know that something like the Internet would even exist. Vendor screening has evolved along the way, and risk professionals have become adept in evolving to the changing landscape as well.

Tags: Vendor Screening

4 Risk Management Tips to Consider as Technology Evolves

Posted by Jason James


By 2020, an estimated 6.1 billion smartphones will be in use. That covers about 70 percent of the world population. The number is staggering considering that smartphones did not exist 10 years ago, and that most of us were still using little flip phones on which we were just happy to snap an occasional picture or send very short texts.

Tags: Risk Management

4 Keys to Success with Healthcare Vendor Management Programs

Posted by Jason James

The Identity Theft Resource Center has been tracking data breaches since 2005, recently passing the 6,000 mark over that time. Of those 6,000 breaches, 27.9 percent occurred in the healthcare industry, which is second only to the business sector (at 35.6 percent). However, a more revealing stat the ITRC offered was that of the 176.5 million medical records exposed during that time, only 1.5 million were physically stolen. The rest were hacked, and though the report doesn’t break down how many of the compromised records were the fault of third-party carelessness, vendors remain a big concern for healthcare organizations and their risk departments.

Tags: Vendor Risk Management, healthcare compliance

Banking Risk Management: What We Learned from 2015

Posted by Jason James


According to Kaspersky Lab, 82 percent of businesses would consider leaving a bank if it had suffered a data breach. Consumers may be (slightly) more tolerant of financial institutions that are compromised, but many companies simply can’t afford trusting their assets to a bank they deem unreliable.

Tags: risk management, banking risk

Why the Integration of Siloed Risk Management Procedures Is Crucial

Posted by Jason James

You likely have heard all about the data breaches in which a vendor was responsible for the compromise. Furthermore, the news of said breaches might have spurred you to examine your organization’s own vendor risk management processes. Indeed, a new survey discovered that 81 percent of companies admitted that high-profile compromises caused by third parties led them to look at their own controls so that, theoretically, the same disaster doesn’t happen to them. However, the research also found that only 35 percent of respondents knew each and every vendor that was accessing its systems. Seemingly, knowing of a third-party risk problem and taking action are two ends of the spectrum for many organizations, with a wide gap in between …

Tags: Risk Management

A Healthcare Risk Assessment Made Easy

Posted by Jason James


Cyberattacks are a major cause of data breaches in the healthcare industry. But then, there are compromises in which a brief moment of carelessness can cause an incredible headache.

Tags: healthcare compliance, risk assessments
